CVE-2024-2197
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Chirp Systems | Chirp Access | 0 < v1.26.0 | affected |
Weaknesses
- CWE-259: CWE-259
Workarounds
For additional information, please see Chirp Systems statement here https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html or contact RealPage (Chirp Systems' parent company) via their support page https://www.realpage.com/support/ .
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01
- https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01
- https://statement.chirpsystems.com/chirp-systems-icsa-24-067-01-response.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.